Several crypto backends in opencrypto treat the HMAC algorithm as if it
were identical to the HMAC_96 algorithm, truncating output to 12 bytes.
This has presumably gone unnoticed because:
1) IPsec always wants the truncation
2) There are no other kernel consumers for this API
3) The only significant consumer of the userspace /dev/crypto API
is the cryptodev OpenSSL engine, and all support for hashes
was removed from the source in a fit of pique.
I am about to check in changes which fix this. If you have any (broken)
code of your own which requests the HMAC algorithm but expects to get a
truncated result, it will stop working (as it did on FreeBSD when they
fixed this some time ago).
--
Thor Lancelot Simon
tls%rek.tjls.com@localhost
"The inconsistency is startling, though admittedly, if consistency is to
be abandoned or transcended, there is no problem." - Noam Chomsky